
87
android Malware trends and reversing taCtiCs
clear though, it does exactly as it describes. e DownloadText initiates
an HTTP get request to the server built above, http://l0rdzs0ldierz.com/
command.php?action=recv, and then parses the response saving it into
the previously initialized array. Upon returning into the background
task, we see the sendTextMessage code being executed.
is will essentially send the text message to the phone number
pulled from the server, with the corresponding text spam. In the cases
Image 6.6 SpamSoldier TestService sending text messages.
Image 6.7 SpamSoldier TestService C&C communication.